
Thycotic’s Cyber Security Publication

10 Must-Follow InfoSec Bloggers of 2015

Written by Jordan True

November 12th, 2015

Want to stay up to date on the latest information security trends, breaches, and discoveries? We searched across the deep web to find the top bloggers who live and breathe information security. It’s these amazing security experts who make your life easier by keeping you up to date on the latest InfoSec news and research. Their interesting experience and knowledge bring new insight into the latest discoveries and breaches. If you don’t have them on your must-read list, follow them NOW! Note: These blogs are in no particular order.

Top 10 InfoSec Bloggers

Eric Vanderburg


No need to put your security thinking cap on! Eric Vanderburg brings his expertise as a global cyber security leader, author, and speaker. With a balance of technical and business understanding, Eric’s passion is providing his insight in the academic and online communities. With over 30 certifications, you’ll find great advice on the latest InfoSec research and security career tips. Awarded #11 in the top 25 Twitter accounts that will keep you on top of identity theft, add him as a follower!

What’s our favorite blog post?

Be sure to read: Which Security Career is Right for You?


David Marshall


Get all of your virtualization technology news and information directly from David Marshall’s VM Blog! David has been a VMware vExpert for 8 years and counting, so you’ll get expert virtualization tips from the technical editor of the popular “Virtualization for Dummies” series himself. His main goal is to spread the word about virtualization’s latest trends, technologies, and news. As virtualization security becomes more complex, he warns, “[It] doesn’t matter if something is physical and on-premises, virtualized or in the cloud, InfoSec is still a major focus and an area of expertise that needs to be identified and taken on by top talent.” As you turn to virtual environments, get the best advice from the virtualization guru, David Marshall!

What’s the best advice David can offer InfoSec pros in 5 words?

“Wow, only 5 words?  I’ll try to do it in 3.  In the film Glengarry Glen Ross, they opined ‘Always be closing’ to a sales team.  For InfoSec pros, my 3 words of advice would be, ‘Always be learning.’  Measure your job in terms of what you are learning.  Read and research online, go to trade shows and meetups, network with peers, talk with co-workers in other groups, etc.  Expand your InfoSec vocabulary.  And when you’ve learned enough to make your current job feel like a dead-end and you want to be able to contribute so much more, move on to bigger and better opportunities and your new position will come with greater dollars and more demanding work… and yes, where you can still learn even more.  Always be learning.”


Bruce Schneier


No InfoSec top bloggers list would be complete without including internationally renowned security technologist and author, Bruce Schneier. Since 2004, Schneier’s blog has focused on privacy, government, and cryptography. He has been called the “security guru” by The Economist, so be sure to subscribe to his blog and pick up his latest book, “Data and Goliath”.

What’s our favorite blog post?

Be sure to read: Face Facts about Internet Security


Wendy Nather


Wendy’s impressive InfoSec background includes experience as an analyst and CISO in both the public and private sectors. She started her career working as a system administrator for a Swiss bank and now is the Research Director at the Retail Cyber Intelligence Sharing Center.  You’ll find her expert perspective covers all things InfoSec related.

Which InfoSec pro does Wendy look to as a mentor?

“I look up to so many other InfoSec pros for their different areas of expertise, but if I were to name only one, Gene Spafford (@TheRealSpaf) would be it. He has seen and done it all, and he has already predicted most of what we’re now discovering.”


Elie Bursztein


The lead at Google on the anti-abuse research team, Elie’s blog helps tackle performance and security. He’s the man in charge of redesigning Google’s CAPTCHA to make it easier and safer for internet users. Adding to his list of impressive achievements, Elie has helped report over 100 security vulnerabilities! Follow Elie’s blog for tips on protecting your users and organization against cyber-criminal and internet threats.

Which InfoSec pro does Elie look to as a mentor?

“No mentor, but a bunch of friends and colleagues that inspire me to get better including Tavis Ormandy, Lcamtuf, Halvar Flake and Neel Mehta.”


Dave Shackleford


Dave is a security consultant and the lead faculty for IANS, and his passion for information technology lies in the areas of malware, virtualization security, auditing and compliance, and log management. He is a SANS Certified Instructor and author, and his background and expertise include over 10 IT-related certifications. You’ll find deep insights and personal thoughts on breaking information security related topics on his ShackF00 blog.

What does Dave think of the popular password myth that passwords are dead?

Watch now!


Tony Perez


Tony brings his passion for business, security, and life to his blog. Keeping up with the constant changes to security can be hard, and Tony carries you through his journey in information security to provide his thoughts and opinions on its evolution. Starting his InfoSec career at 18, Tony has a wide range of information security experience in various technology industries. Tailored to the everyday user, his blog focuses primarily on website security along with general security concepts.

What’s our favorite blog post?
Be sure to read: Two Critical Challenges Facing Website Security


Roger McClinton


Roger’s information security blog started in 2004 as a way to collect links for research. Once he started adding commentary, his blog took off and became one of the most widely read InfoSec blogs today. You’ll find Roger’s blog a great source for security reviews and any news related to IT security topics.

What’s our favorite blog post?

Be sure to read: Not A Phish This Time


Brian Krebs


Brian Krebs started in security “by accident” when his entire home network was overrun by a Chinese hacking group. Brian felt compelled to learn more about computer security and so, his information security career began. Brian brings his reporter background with The Washington Post to his blog to dive into the deep details of security news and investigations. With more than 1,300 blog posts under his belt, you’ll find compelling articles that’ll drive your information security curiosity.

What is the best advice Brian can offer other InfoSec pros in 5 words?

Never stop breaking and fixing stuff.


Dan Kaminsky


For breaking security issues, Dan Kaminsky is your go-to guy! Kaminsky is best known for his work finding a critical flaw in the Internet’s Domain Name System (DNS). Today you’ll find him presenting his security research at Defcon and advising top Fortune 500 companies. Luckily for you, Kaminsky offers his advice freely on his blog.

What’s our favorite blog post?

Be sure to read: Defcon 23: Let’s End Clickjacking





Jordan True

Jordan is a social media strategist, digital community manager and a lover of all things IT. She currently manages the Social Media Program at Thycotic and loves to connect with technology communities online and at enterprise IT events. Addicted to the outdoors, you can find Jordan on the running trails in her free time or sharing the latest InfoSec buzz on Twitter @ThycoticJordan.